1. Field of the Invention
The present invention relates to a system and method for effecting mutual authentication between a portable electronic device such as an IC card having an IC (integrated circuit) chip enclosed therein and a host device or terminal device.
2. Description of the Related Art
In order to increase the security of the data stored on an IC card, it was conceived to provide a cipher algorithm within the IC card and to use it to execute mutual authentication between an external terminal device, such as a host computer, and the IC card. In this mutual authentication system, first, both the IC card and the terminal device are designed to possess identical key data and identical initial data at a specified timing. Then, using a specified command as the trigger, the result of a calculation that takes the key data and the initial data as parameters is transmitted by one of the IC card and the terminal device to the other as authentication data. The side which receives these authentication data (the IC card) also carries out the calculation with the key data and the initial data as parameters and compares that result with the authentication data which have been transmitted to it. Mutual authentication is thus carried out by the IC card and the terminal device alternately executing the above.
That is, after the IC card has determined "the legitimacy of the terminal device" based on the authentication data which have been transmitted from the terminal device, data are transmitted from the IC card to the terminal device so that the terminal device may judge "the legitimacy of the IC card". However, the IC card's authentication data are transmitted to the terminal device regardless of the result of judging "the legitimacy of the terminal device". Thus, there is a problem in that the authentication data of the IC card were acknowledged even for terminal devices which were not legitimate.
As described above, in prior art mutual authentication systems, after determining the legitimacy based on the authentication data transmitted from a terminal device to an IC card, authentication data were transmitted from the IC card to the terminal device regardless of the result. Thus, there was a problem concerning the security of the authentication data of the IC card.
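The exchange described above, as an added example that is not part of the original text: a card that releases its authentication data regardless of the terminal check, beside one that withholds it when the check fails. HMAC-SHA256 as the calculation, the role label that keeps the two directions distinct, the withholding behaviour, and all names and sample values are assumptions of this example.

```python
import hashlib
import hmac

def auth_data(key: bytes, initial: bytes, role: bytes) -> bytes:
    """Stand-in for the calculation over key data and initial data.

    HMAC-SHA256 and the role label are assumptions of this example; the page
    names no algorithm.
    """
    return hmac.new(key, role + initial, hashlib.sha256).digest()

class Card:
    def __init__(self, key: bytes, withhold_on_failure: bool):
        self.key = key
        self.withhold_on_failure = withhold_on_failure

    def respond(self, initial: bytes, terminal_auth: bytes):
        """Check the terminal, then decide whether to release card auth data."""
        expected = auth_data(self.key, initial, b"terminal")
        terminal_ok = hmac.compare_digest(expected, terminal_auth)
        if self.withhold_on_failure and not terminal_ok:
            return terminal_ok, None  # nothing derived from the key leaves the card
        # Prior-art behaviour: released whatever the check result was.
        return terminal_ok, auth_data(self.key, initial, b"card")

def run_exchange(card: Card, terminal_key: bytes, initial: bytes) -> dict:
    """One round: terminal authenticates to card, card answers, terminal checks."""
    terminal_ok, card_auth = card.respond(
        initial, auth_data(terminal_key, initial, b"terminal"))
    released = card_auth is not None
    card_ok = released and hmac.compare_digest(
        card_auth, auth_data(terminal_key, initial, b"card"))
    return {"terminal_ok": terminal_ok, "released": released, "card_ok": card_ok}

# Constructed sample values, not taken from the page.
CARD_KEY = bytes(range(16))
WRONG_KEY = bytes(16)
INITIAL = b"constructed-initial-data"

if __name__ == "__main__":
    for label, withhold in (("prior art", False), ("withholding", True)):
        for name, key in (("legitimate", CARD_KEY), ("illegitimate", WRONG_KEY)):
            print(label, name, run_exchange(Card(CARD_KEY, withhold), key, INITIAL))
```

With a terminal holding the wrong key, the prior-art card reports a failed terminal check yet still releases its authentication data; the withholding card releases nothing, while a legitimate terminal completes mutual authentication in both cases.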